Tags

How gun safety relates to you as a UNIX/Linux admin

Guns and UNIX Admins have some similarities. Guns, when properly used, are very powerful tools that can do a lot of good, much like a sysadmin. However, if you are careless as a sysadmin, or careless with a gun the results can be devastating and even irreversible.

One of the basic NRA gun safety rules is to "ALWAYS keep your finger off the trigger until ready to shoot." People who break this rule often end up accidentally shooting family members because when startled or surprised your instinct is to clinch and if your finger is on the trigger you are going to pull it whether you are ready or not.

This same concept directly applies to being a UNIX/Linux sysadmin. Being logged in to a root user prompt is equivalent to having your finger on the trigger. One mistake at this point, and you can cause major damage. Commands such as "rm" are extremely unforgiving and very easy to make mistakes with.

I have seen sysadmins in the habit of right when they log in to a server the first thing they do is switch over to the root account, regardless of what they need to accomplish. This is a horrible habit to get in to. You should only switch to the root prompt when absolutely necessary. If you can perform whatever task you need to do as a regular user, then do that. If only part of what you need to do requires root access, only do that one part from the root prompt and then go back to the normal user account.

You can perform a ton of functions when logged in as a regular user account such as viewing almost all of the system configuration, information about filesystems, running processes, performance information, etc. And when logged in as a regular user there is very little damage you can do to the system if you make a mistake. If being logged in as the root user is like having your finger on the trigger on a loaded gun, then being logged in as a regular user is like having a Toy Nerf Gun - you probably aren't going to do much harm.

This especially applies if you are writing and testing scripts. Never test a script as the root user unless you are on an isolated, throw away, lab server. Testing scripts as the root user is equivalent to playing with a gun - something or someone is probably going to get hurt. One method that can help with this is Writing scripts that don't actually do anything.

So remember the next time you see the root # prompt... You essentially have a loaded gun in your hand with your finger on the trigger. You need to be careful and make sure you are ready to fire and think through each step of what you are doing.